Aggregator

This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.

Threat Attack Daily - 2nd of June 2025

A vulnerability was found in PHPGurukul Online Shopping Portal Project 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /category.php. The manipulation of the argument Product leads to sql injection. This vulnerability was named CVE-2025-5367. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in PHPGurukul Daily Expense Tracker System 1.1. It has been rated as critical. This issue affects some unknown processing of the file /expense-yearwise-reports-detailed.php. The manipulation of the argument todate leads to sql injection. The identification of this vulnerability is CVE-2025-5368. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in SourceCodester PHP Display Username After Login 1.0. Affected is an unknown function of the file /login.php. The manipulation of the argument Username leads to sql injection. This vulnerability is traded as CVE-2025-5369. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, has been found in Relevanssi Plugin on WordPress. This issue affects some unknown processing of the component Excerpt Highlights Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-5016. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as critical was found in PHPGurukul News Portal 4.1. Affected by this vulnerability is an unknown functionality of the file /admin/forgot-password.php. The manipulation of the argument Username leads to sql injection. This vulnerability is known as CVE-2025-5370. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in Offsprout Page Builder Plugin up to 2.15.2 on WordPress. This issue affects the function permission_callback. The manipulation leads to improper authorization. The identification of this vulnerability is CVE-2025-4672. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Profitori Plugin up to 2.0.6.0/2.1.1.3 on WordPress. Affected is the function save_object_as_user. The manipulation of the argument meta leads to missing authorization. This vulnerability is traded as CVE-2025-4631. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability has been found in PSW Front-end Login & Registration Plugin up to 1.12 on WordPress and classified as problematic. Affected by this vulnerability is the function customer_registration. The manipulation leads to weak password recovery. This vulnerability is known as CVE-2025-4607. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in WP-GeoMeta Plugin 0.3.4/0.3.5 on WordPress and classified as critical. Affected by this issue is the function wp_ajax_wpgm_start_geojson_import. The manipulation leads to missing authorization. This vulnerability is handled as CVE-2025-4103. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Element Pack Addons for Elementor Plugin up to 5.11.2 on WordPress. It has been classified as problematic. This affects the function marker_content. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-5292. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Product Subtitle for WooCommerce Plugin up to 1.3.9 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation of the argument htmlTag leads to cross site scripting. This vulnerability was named CVE-2025-5285. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Daisycon Prijsvergelijkers Plugin up to 4.8.4 on WordPress. It has been rated as problematic. This issue affects the function daisycon_uitvaart of the component Shortcode Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-4590. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in FastSpring Plugin up to 3.0.1 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-4595. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in Royal Elementor Addons and Templates Plugin up to 1.7.1020 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation of the argument _elementor_data leads to cross site scripting. This vulnerability is known as CVE-2025-3813. The attack can be launched remotely. There is no exploit available.

Ransomware Attack Update for the 2nd of June 2025

可能迫使俄罗斯转入防御态势，加剧全球对无人机战争的关注。世界各国应学习乌克兰对低成本远程无人机的创新运用，强调建立强大的防空体系、情报整合和非对称战略的必要性。此次行动的成功凸显了现代战争越来越重视适应性、技术和精确性，而非传统的军事实力。

See how Morpheus AI fully automates the L1 & L2 SOC pipeline, triaging 95% of alerts in under 2 minutes and cutting investigation times by 99%.

The post How Morpheus AI Automates the Entire L1 & L2 Pipeline appeared first on D3 Security.

The post How Morpheus AI Automates the Entire L1 & L2 Pipeline appeared first on Security Boulevard.